The most prolific kit today is the RIG; it has helped to bridge the gap left after the Neutrino, Angler, and Nuclear departed. The Cisco Talos scientists have decided to make things clear in regard to the development of the potent EK with some hopes to counter the RIG EK threat. Similar to uncovering the various EK threats, the way to stop infection rates will largely depend on how they can identify the routes of infection and how they are able to bypass the security device and software.

Just like other exploit kits, RIG is redirecting the various victims to the exploit kit by using gates. But what makes RIG stand out from the rest? It is their ability to combine various web technologies, for instance, JavaScript, VBscript, Flash, and DoSWF to counter the attack.

For each threat, the attack uses various strategies including dynamically altering the encryption and encoding system for all files. The Talos dissection shows that this makes sure the scripts look unique every time an attack is made. Therefore, it becomes impossible to identify the attackers using hash values and simple string matches. At the core of this kind of an attack, RIG combines the various web technologies to come up with an effective counter strategy.

RIG ensures that during the delivery of the affected file, the malware file gets executed and written numerous times on the infected PC. In the event when one malware is blocked by the anti-malware solution, there are a couple of other methods that will offer efficient backup. To form part of its RIG campaign evaluation, Cisco Talos explicitly showed that most threats were initiated via a compromised websites. These websites are those that were attacked by enemies and then malware was added by the attacker – the code added could then redirect the user to the gate.